<?php 
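// Refuse direct HTTP requests: this file only runs when included by code that
// has already defined DREAMSCAPE.
if (!defined('DREAMSCAPE')) {
	die('Sorry, but this file cannot be directly viewed.');
}

/*   Users   //-------*/
// Register the "add" and "edit" links of the user-management admin menu.
add_admin_menu(
	L_ADMIN_MANAGE_USERS,
	array(
		'<a href="?cat=admin&amp;sub=users&amp;action=add">' . L_MENU_ADD . '</a>',
		'<a href="?cat=admin&amp;sub=users&amp;action=edit">' . L_MENU_EDIT . '</a>',
	),
	'users'
);

// Everything below applies only when the "users" admin sub-page was requested.
if ($admin_sub !== 'users') {
	return;
}

// Reuse an existing users data object if the including script already made one.
$users = isset($users) && is_object($users) ? $users : new Dreamscape('users');

if (ACTION == 'add') {
	add_breadcrumb(L_USER_ADD_TITLE);
} elseif (ACTION == 'edit') {
	if (empty($item_id)) {
		// No user selected: the page shows the user list.
		add_breadcrumb(L_USER_EDIT_TITLE);
		add_title(L_USER_EDIT_TITLE);
	} else {
		// A user is selected: link back to the list, then name the user being edited.
		// Ampersands in the href are written as &amp; like the menu links above.
		add_breadcrumb('<a href="index.php?cat=admin&amp;sub=users&amp;action=edit">' . L_USER_EDIT_TITLE . '</a>');
		add_title(L_USER_EDIT_TITLE);
		$users->Get($item_id);
		$bc_username = !empty($users->username) ? $users->username : '';
		// NOTE(review): the stored username is placed into the breadcrumb and title
		// without HTML escaping. add_breadcrumb() accepts markup (see the link above),
		// so this is safe only while every write path restricts usernames to
		// alphanumerics and underscore -- confirm, or escape here.
		add_breadcrumb(sprintf(L_CURRENTLY_EDITING, $bc_username));
		add_title(sprintf(L_CURRENTLY_EDITING, $bc_username));
	}
}

// Render the page body through users_content() when the 'admin_page' hook runs.
ozone_action('admin_page', 'users_content');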
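		/**
		 * Renders the user-management admin page and processes its form posts.
		 *
		 * Depending on ACTION and the global $item_id this handles three views:
		 *  - ACTION 'add': create a user from the posted form, then print the add form.
		 *  - ACTION 'edit' with an $item_id: update that user, then print the edit form.
		 *  - ACTION 'edit' without an $item_id: delete the users ticked in del[] and
		 *    print the user list.
		 *
		 * Output is written directly (echo / inline HTML); nothing is returned.
		 *
		 * Security notes for maintainers:
		 *  - Passwords are stored as unsalted MD5 digests. That is kept because the code
		 *    that verifies logins is not part of this file; moving to password_hash() /
		 *    password_verify() has to change both sides together.
		 *  - No anti-CSRF token is checked in this function. is_posting() is defined
		 *    elsewhere -- confirm whether it (or the caller) validates one, since these
		 *    forms can grant admin rights and delete accounts.
		 *  - No privilege check is visible here; presumably the 'admin_page' hook only
		 *    runs for authenticated administrators -- verify against the caller.
		 */
		function users_content(){
			global $output, $auth, $item_id, $users;
			if (ACTION == 'add'){

				if (is_posting(L_BUTTON_ADD)) {
					// Strip everything but alphanumerics and underscore from the username;
					// display names may additionally contain whitespace and dots.
					$the_username = preg_replace('([^[:alnum:]_])', '',$_POST['username']);
					$the_displayname = preg_replace('([^[:alnum:]_[:space:].])', '',$_POST['displayname']);
					// url and email are stored entity-encoded; the edit form echoes them as stored.
					$url = htmlentities($_POST['url'], ENT_QUOTES);
					$email = htmlentities($_POST['email'], ENT_QUOTES);
					// Validate the passwords as typed, not their MD5 digests: a digest is always
					// 32 characters, so length/emptiness checks on it accept any password, and
					// comparing two digests with == can treat different values as equal.
					$raw_password = isset($_POST['password']) && is_string($_POST['password']) ? trim($_POST['password']) : '';
					$raw_confirm = isset($_POST['confirmpassword']) && is_string($_POST['confirmpassword']) ? trim($_POST['confirmpassword']) : '';
					$password = md5($raw_password);
					$admin = isset($_POST['admin']) ? 1: 0;
					$disabled = isset($_POST['disabled']) ? 1: 0;
					$section_admin = isset($_POST['section_admin']) ? (int) $_POST['section_admin'] : 0;
					// The form has no "created" field; if one is posted anyway, only accept an integer timestamp.
					$created = isset($_POST['created']) ? (int) $_POST['created'] : time();

					$users = get_dao('users');

					if($raw_password === $raw_confirm && strlen($raw_password) >= 6){
						if(isset($_POST['permissions']) && !empty($_POST['permissions'])){
							if(!empty($the_username)){
								// Reject the request when the username is already taken.
								$user = $users->GetList(array(array('username','=', $the_username)));
								if(empty($user)){
									$users->username = $the_username;
									$users->displayname = $the_displayname;
									$users->url = $url;
									$users->password = $password;
									$users->email = $email;
									$users->permissions = is_array($_POST['permissions']) ? serialize($_POST['permissions']) : serialize(array());
									$users->admin = $admin;
									$users->disabled = $disabled;
									$users->created = $created;
									$users->section_admin = $section_admin;
									if($users->SaveNew()){
										printOut(SUCCESS, vsprintf(L_USER_ADDED, array($users->username, $users->id)));
										// Clear the submitted values so the form below is rendered empty.
										$_POST = array();
									} else {
										// NOTE(review): the raw database error text is shown to the user; consider logging it instead.
										printOut(FAILURE, vsprintf(L_USER_NOT_ADDED, array($users->username, mysql_error())));
									}
								} else {
									printOut(FAILURE,sprintf(L_USER_DUPLICATE_USERNAME, $user[0]->username));
								}
							} else {
								printOut(FAILURE, sprintf(L_MISSING_FIELDS, 'username'));
							}
						} else {
							printOut(FAILURE,L_USER_MISSING_PERMISSIONS);
						}
					} else {
						printOut(FAILURE, L_USER_INVALID_PASSWORD);
					}
				}
				// Top-level sections (pid = 0) are offered as per-section permissions.
				$sections = new Dreamscape('sections');
				$cats = $sections->GetList(array(array('pid', '=', 0)));
				// The form re-populates its fields from $_POST through view() after a failed submit.
				// NOTE(review): view() is defined elsewhere and presumably HTML-escapes its argument -- confirm.
				// NOTE(review): both password fields are echoed back into the page as well; consider leaving them blank.
				// NOTE(review): section names are printed as stored; confirm they are escaped or restricted on write.
				?>
<?php echo $output ;?>
<p class="contentnote"><?php echo L_USER_PASSWORD_NOTE ?></p>
<label for="username"><?php echo L_USER_USERNAME ?></label><input name="username" value="<?php echo view(@$_POST['username']) ?>" type="text" class="formfields" id="username" size="30" /><br />
<label for="displayname"><?php echo L_USER_DISPLAYNAME ?></label><input value="<?php echo view(@$_POST['displayname']) ?>" name="displayname" type="text" class="formfields" id="displayname" size="30" /><br />
<label for="email"><?php echo L_USER_EMAIL ?></label><input name="email" value="<?php echo view(@$_POST['email']) ?>" type="text" class="formfields" id="email" size="30" /><br />
<label for="url"><?php echo L_USER_URL ?></label><input name="url" value="<?php echo view(@$_POST['url']) ?>" type="text" class="formfields" id="url" size="30" /><br />
<label for="password"><?php echo L_USER_PASSWORD ?></label><input value="<?php echo view(@$_POST['password']) ?>" name="password" type="password" class="formfields" id="password" size="30" /><br />
<label for="confirmpassword"><?php echo L_USER_CONFIRM_PASSWORD ?></label>
<input value="<?php echo view(@$_POST['confirmpassword']) ?>" name="confirmpassword" type="password" class="formfields" id="confirmpassword" size="30" />
<br />
<fieldset id="categoryBoxes"><legend><?php echo L_USER_PRIVILEGES ?></legend>
<input type="hidden" name="permissions" value="" />
<input type="checkbox" name="admin" id="adminCheck" value="1" /><label for="adminCheck" class="permBox"> <?php echo L_USER_ADMIN ?></label><br />
<p id="unCheck">&nbsp;</p>
                    <h2><?php echo L_USER_MODERATOR ?></h2>
					<input name="section_admin" type="radio" id="section_admin_admin" value="1" /><label id="section_admin_label" for="section_admin_admin"><?php echo L_USER_MODERATOR_ADMIN ?></label>
					<br />
<input name="section_admin" type="radio" id="section_admin_user" checked="checked" value="0" /><label id="section_user_label" for="section_admin_user"><?php echo L_USER_MODERATOR_USER ?></label>
<br />
					<?php
					foreach($cats as $s){?>

					<input type="checkbox" name="permissions[]" id="perm_<?php echo $s->sectionname ?>" value="<?php echo $s->id ?>" />
					<label for="perm_<?php echo $s->sectionname ?>" class="permBox"><?php echo $s->sectionname ?></label> <br />
					<?php }

					?>
</fieldset>
					<fieldset><legend><?php echo L_USER_DISABLE_ACCOUNT ?></legend>
					<?php echo L_USER_DISABLE_ACCOUNT_NOTE ?><br />
<label for="disabled" class="permBox"><?php echo L_USER_DISABLE_LABEL ?></label>
					 <input type="checkbox" name="disabled" id="disabled" value="1" /> <br />
                   </fieldset>


<input name="submit" type="submit" class="buttons" id="submit" value="<?php echo L_BUTTON_ADD ?>" />



			<?php
			}
			elseif (ACTION == 'edit'){

				if (!empty($item_id)){
					// Load the user being edited; its current values are the defaults below.
					$users = get_dao('users');
					$users->Get($item_id);
					if (is_posting(L_BUTTON_EDIT)) {

						$the_username = preg_replace('([^[:alnum:]_])', '',$_POST['username']);
						$the_displayname = preg_replace('([^[:alnum:]_[:space:].])', '',$_POST['displayname']);
						$url = htmlentities($_POST['url'], ENT_QUOTES);
						$email = htmlentities($_POST['email'], ENT_QUOTES);
						$opass = isset($_POST['password']) && is_string($_POST['password']) ? trim($_POST['password']) : '';
						$oconfirm = isset($_POST['confirmpassword']) && is_string($_POST['confirmpassword']) ? trim($_POST['confirmpassword']) : '';
						$admin = isset($_POST['admin']) ? 1: 0;
						$disabled = isset($_POST['disabled']) ? 1: 0;
						$section_admin = isset($_POST['section_admin']) ? (int) $_POST['section_admin'] : 0;

						// An empty password field means "keep the current password". Otherwise the
						// typed password (not its 32-character MD5 digest) must match the
						// confirmation and be at least 6 characters long.
						$changing_password = ($opass !== '');
						$passwordok = !$changing_password || ($opass === $oconfirm && strlen($opass) >= 6);

						if($passwordok){

							if(isset($_POST['permissions']) && !empty($_POST['permissions'])){
								if(!empty($the_username)){
									// The name must be free, or be this user's own current name.
									$user = $users->GetList(array(array('username','=', $the_username)));
									if(empty($user) || $the_username === $users->username){
										$users->username = $the_username;
										$users->displayname = $the_displayname;
										$users->password = $changing_password ? md5($opass) : $users->password;
										$users->email = $email;
										$users->url = $url;
										$users->section_admin = $section_admin;
										if($users->primary_user){
											// The primary user always stays an enabled admin with its stored permissions.
											$users->permissions = $users->permissions;
											$users->admin = 1;
											$users->disabled = 0;
										} else {
											// Only ever store a serialized array, as the add form does.
											$users->permissions = is_array($_POST['permissions']) ? serialize($_POST['permissions']) : serialize(array());
											$users->admin = $admin;
											$users->disabled = $disabled;
										}
										if($users->Save()){
											printOut(SUCCESS, sprintf(L_EDIT_SUCCESS, $users->username));
											$_POST = array();
										} else {
											// NOTE(review): the raw database error text is shown to the user; consider logging it instead.
											printOut(FAILURE, vsprintf(L_EDIT_FAILURE, array($users->username,mysql_error())));
										}
									} else {
										printOut(FAILURE, sprintf(L_DUPLICATE_USERNAME, $user[0]->username));
									}
								} else {
									printOut(FAILURE, sprintf(L_MISSING_FIELDS, 'username'));
								}
							} else {
								printOut(FAILURE, L_USER_MISSING_PERMISSIONS);
							}

						} else {
							printOut(FAILURE, L_USER_INVALID_PASSWORD);
						}

					}

					// Re-read the user so the form shows what is stored now.
					$user = $users->Get($item_id);
					$sections = get_dao('sections');
					$cats = $sections->GetList(array(array('pid', '=', 0)));
					$hasitems = !empty($user);
					// NOTE(review): username, displayname, email, url and section names are printed
					// as stored. That relies on every write path filtering or entity-encoding them
					// the way the handlers in this function do -- confirm for other writers.
				?>
<?php echo $output ;?>
<?php if($hasitems && $user->primary_user) {?>
<p class="contentnote"><?php echo L_USER_PRIMARY_NOTE ?>
</p>
<?php } ?>
<?php
if($hasitems){
	// Stored permissions are a serialized array of section ids; fall back to an empty
	// list when the column does not decode to an array so in_array() below stays valid.
	// NOTE(review): unserialize() on stored data can instantiate objects if the column is
	// ever written from another path; a JSON-encoded list would be a safer storage format.
	$stored_permissions = unserialize($user->permissions);
	$user->permissions = is_array($stored_permissions) ? $stored_permissions : array();
?>
<input type="hidden" value="1" id="edit_user" />
<label for="username"><?php echo L_USER_USERNAME ?></label><input name="username" type="text" class="formfields" id="username" value="<?php echo $user->username; ?>" size="30" /><br />
<label for="displayname"><?php echo L_USER_DISPLAYNAME ?></label><input name="displayname" type="text" class="formfields" id="displayname" value="<?php echo $user->displayname; ?>" size="30" /><br />
<label for="email"><?php echo L_USER_EMAIL ?></label><input name="email" type="text" class="formfields" id="email" value="<?php echo $user->email; ?>" size="30" /><br />
<label for="url"><?php echo L_USER_URL ?></label><input name="url" value="<?php echo $user->url; ?>" type="text" class="formfields" id="url" size="30" /><br />
<label for="password"><?php echo L_USER_NEW_PASSWORD ?></label><input name="password" type="password" class="formfields" id="password" size="30" />
<br />
<label for="confirmpassword"><?php echo L_USER_CONFIRM_NEW_PASSWORD ?></label><input name="confirmpassword" type="password" class="formfields" id="confirmpassword" size="30" />
<br />
<?php echo L_USER_NEW_PASSWORD_NOTE ?><br />

<?php if($user->primary_user) {?>
<div class="hidden">
<?php } ?>
<fieldset id="categoryBoxes">
<legend><?php echo L_USER_PRIVILEGES ?></legend>
<input type="hidden" name="permissions" value="" /><input type="checkbox" name="admin" <?php echo $user->admin == 1 ? 'checked="checked"' : ''; ?> id="adminCheck" value="1" /><label for="adminCheck" class="permBox"> <?php echo L_USER_ADMIN ?></label><br />
<p id="unCheck">&nbsp;</p>

<h2><?php echo L_USER_MODERATOR ?></h2>
<input name="section_admin" type="radio" id="section_admin_admin" value="1" <?php echo $user->section_admin == 1 ? 'checked="checked"' : '' ?> /><label id="section_admin_label" for="section_admin_admin"><?php echo L_USER_MODERATOR_ADMIN ?></label>
<br />
<input <?php echo $user->section_admin == 0 ? 'checked="checked"' : '' ?> type="radio" name="section_admin" id="section_admin_user" value="0" /><label id="section_user_label" for="section_admin_user"><?php echo L_USER_MODERATOR_USER ?></label><br />
<?php
foreach($cats as $s){?>

<input type="checkbox" name="permissions[]" <?php echo in_array($s->id, $user->permissions) || $user->admin == 1 ? 'checked="checked"' : ''; ?> id="perm_<?php echo $s->sectionname ?>" value="<?php echo $s->id ?>" />
<label for="perm_<?php echo $s->sectionname ?>" class="permBox"> <?php echo $s->sectionname ?></label> <br />

<?php } ?>

</fieldset>

<fieldset>
<legend><?php echo L_USER_DISABLE_ACCOUNT ?></legend>
<?php echo L_USER_DISABLE_ACCOUNT_NOTE ?><br />
<label for="disabled" class="permBox"><?php echo L_USER_DISABLE_LABEL ?></label>
<input type="checkbox" name="disabled" id="disabled" <?php echo $user->disabled == 1 ? 'checked="checked"' : ''; ?> value="1" />
<br />

</fieldset>
<?php if($user->primary_user) {?>
</div>
<?php } ?>
<label for="edit"></label><input name="submit" type="submit" class="buttons" id="submit" value="edit" />
<?php
	// NOTE(review): this button posts the literal value "edit" while the handler above tests
	// is_posting(L_BUTTON_EDIT); the add and delete forms print their L_BUTTON_* constant.
	// Confirm the two agree for every language file.
}
				} else {
					// No user selected: process deletions, then list all users.
					$users = isset($users) && is_object($users) ? $users : new Dreamscape('users');
					if(is_posting(L_BUTTON_DELETE)){
						if(isset($_POST['del']) && is_array($_POST['del'])){
							// Initialised once, before the loop, so every processed id is
							// reported instead of only the last one.
							$result = array();
							foreach($_POST['del'] as $id){
								// Ids are positive integers (the list below selects id > 0);
								// ignore anything else that was posted.
								$id = (int) $id;
								if($id <= 0){
									continue;
								}
								$us = new Dreamscape('users');
								$us->Get($id);
								if(empty($us->username)){
									// Nothing loaded for this id.
									continue;
								}
								$the_username = $us->username;
								if($us->primary_user != 1){

									if(deleteItem($id, 'users')){
										$result[] = sprintf('<li>'.L_USER_ACCOUNT_DELETED.'</li>', $the_username);
									} else {
										$result[] = sprintf('<li>'.L_USER_ACCOUNT_NOT_DELETED.'</li>', $the_username);
									}

								} else {
									// The primary user can never be deleted, whatever was posted.
									$result[] = sprintf('<li>'.L_USER_ACCOUNT_PRIMARY_NOT_DELETED.'</li>', $the_username);
								}

							}
							if(!empty($result)){
								$result = '<ul>'.implode('', $result).'</ul>';
								printOut(SUCCESS, $result);
							}

						}

					}
					$userList = $users->GetList(array(array('id','>', 0)));
					$hasitems = !empty($userList);
					// REQUEST_URI is taken from the request line, so it is escaped before it is
					// placed inside the href attributes of the edit links.
					$self_url = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
				?>
				<?php echo $output ;?>
<table id="users">
<tr><th></th><th></th><th><?php if($hasitems){ ?><label for="toggleBox"><?php echo L_DELETE_ITEM ?></label><input id="toggleBox" type="checkbox" value="" /><?php } ?></th></tr>
<?php
foreach($userList as $ind => $user){
	$user->username = trim_title($user->username,L_USER_NO_USERNAME);
?>
<tr<?php echo $ind % 2 ? ' class="altRow"' : ''; ?><?php echo $user->primary_user == 1 ? ' id="primaryUser"' : ''; ?>><td><a href="<?php echo $self_url ;?>&amp;id=<?php echo $user->id; ?>"  title=" <?php echo $user->username; ?>" class="<?php echo $user->primary_user != 1 ? 'user' : 'primary'; ?>"><?php echo $user->username; ?></a></td><td><a href="<?php echo $self_url ;?>&amp;id=<?php echo $user->id; ?>" title=" Edit <?php echo $user->username; ?>" class="editLink"><?php echo L_USER_EDIT_TEXT ?></a></td>
<td>
<label for="del<?php echo $user->id; ?>"></label><input id="del<?php echo $user->id; ?>" name="del[]" type="checkbox" value="<?php echo $user->id; ?>"<?php if($user->primary_user == 1){ ?> disabled="disabled" title="<?php printf(strip_tags(L_USER_ACCOUNT_PRIMARY_NOT_DELETED), $user->username); ?>"<?php } ?> /></td></tr>
<?php
} // end foreach user
?>

</table>
<?php if(count($userList) > 1){?><label for="submit"></label><input name="submit" id="submit" type="submit" value="<?php echo L_BUTTON_DELETE ?>" /><?php } ?>
<?php
				} // end of the "$item_id given / not given" branches
			}
		}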
		
?>